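<?php
	/*
	 * Build the relative prefix ("../" repeated) used by the includes below
	 * to reach the mvz-config directory.
	 *
	 * REQUEST_URI is supplied by the client and carries the query string, so
	 * a "/" inside the query string used to change the computed depth and
	 * break the includes. Only the path portion is counted here.
	 *
	 * NOTE(review): extra path segments in the request still influence the
	 * depth. Resolving the includes from __DIR__ (or dirname(__FILE__))
	 * would remove the dependency on request data altogether - confirm the
	 * deployment layout before switching.
	 */
	$uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : "";

	// Drop "?query" so only path separators are counted.
	$uri_path = $uri;
	$query_pos = strpos($uri_path, '?');
	if ($query_pos !== false)
	{
		$uri_path = substr($uri_path, 0, $query_pos);
	}

	$uri_var = explode('/', $uri_path);
	$count = count($uri_var);

	// One "../" per path segment beyond the leading empty one and the script name.
	$dot = str_repeat("../", max(0, $count - 2));
?>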
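<?php
	/*
	 * Bootstrap files. Judging by their names they set up the environment
	 * and the session that the rest of this script relies on (sql_quote(),
	 * $_SESSION['userid'], $_SESSION['usergroupid'], ...).
	 *
	 * require is used instead of include so that a missing or unreadable
	 * bootstrap file stops the request, rather than emitting a warning and
	 * letting the privilege-changing code below run without it.
	 */
	require($dot.'mvz-config/system/begin.php');
	require($dot.'mvz-config/system/session_start.php');
	require($dot.'mvz-config/system/session.php');
?>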
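<?php
	/*
	 * Saves the module-privilege matrix posted by the management screen.
	 *
	 * Two kinds of POST fields are expected:
	 *   - "process_*" fields (first dash-separated segment is not numeric):
	 *     describe the calling module and are passed to
	 *     check_user_module_process_privilege().
	 *   - "<usergroupid>-<1|2>-<moduleid>-<modulesubid>-<V|A|E|D>" fields:
	 *     one privilege flag each; the field value is the new flag value.
	 *
	 * Every component that reaches SQL is validated as a plain decimal
	 * integer or mapped through a fixed whitelist before it is concatenated
	 * into a statement. Fields that do not match the expected shape are
	 * skipped instead of being sent to the database.
	 *
	 * NOTE(review): mysql_* was removed in PHP 7. When this file is migrated
	 * to mysqli/PDO, replace the concatenated statements with prepared ones.
	 * NOTE(review): no anti-CSRF token is checked in this file - confirm
	 * that one of the included bootstrap files does it.
	 */

	// ---- 1. Is the caller allowed to use this process at all? -------------
	$isValid = false;

	// The check only runs when at least one non-numeric field was posted.
	$hasProcessField = false;
	foreach ($_POST as $key => $val)
	{
		$flag = explode("-", (string) $key);
		if (!is_numeric($flag[0]))
		{
			$hasProcessField = true;
			break;
		}
	}

	if ($hasProcessField)
	{
		$modid       = isset($_POST['process_module_id'])       ? sql_quote(trim($_POST['process_module_id']))       : "";
		$modname     = isset($_POST['process_module_name'])     ? sql_quote(trim($_POST['process_module_name']))     : "";
		$modsubid    = isset($_POST['process_module_sub_id'])   ? sql_quote(trim($_POST['process_module_sub_id']))   : "";
		$modcategory = isset($_POST['process_module_category']) ? sql_quote(trim($_POST['process_module_category'])) : "";
		$type        = isset($_POST['process_type'])            ? sql_quote(trim($_POST['process_type']))            : "";
		$user        = isset($_POST['process_userin'])          ? sql_quote(trim($_POST['process_userin']))          : "";
		$usrgrp      = isset($_POST['process_usergroup'])       ? sql_quote(trim($_POST['process_usergroup']))       : "";
		$date        = isset($_POST['process_datein'])          ? sql_quote(trim($_POST['process_datein']))          : "";

		// The arguments are the same for every posted field, so one call is
		// enough (assumes the helper returns the same answer for the same
		// arguments - TODO confirm).
		// NOTE(review): the user and user group checked here come from the
		// request body, not from $_SESSION. Unless the helper cross-checks
		// them against the logged-in session, the caller chooses whose
		// privileges are evaluated - verify, and prefer the session values.
		$isValid = check_user_module_process_privilege($user, $usrgrp, $modcategory, $modid, $modsubid, $type);
	}

	// The session identity is written into SQL and used for the group
	// hierarchy check below, so refuse the request if it is absent or not a
	// plain integer. The cast to string matters: ctype_digit() treats small
	// PHP integers as character codes.
	$sessionUserId  = isset($_SESSION['userid'])      ? (string) $_SESSION['userid']      : "";
	$sessionGroupId = isset($_SESSION['usergroupid']) ? (string) $_SESSION['usergroupid'] : "";
	if (!ctype_digit($sessionUserId) || !ctype_digit($sessionGroupId))
	{
		$isValid = false;
	}

	// ---- 2. Apply the posted privilege flags ------------------------------
	if ($isValid)
	{
		$sessionUserId  = (int) $sessionUserId;
		$sessionGroupId = (int) $sessionGroupId;

		// Whitelists: second key segment -> privilege type, fifth key
		// segment -> column name / column list for a fresh row.
		$typeByFlag = array(
			"1" => "module",
			"2" => "management",
		);
		$columnByAction = array(
			"V" => "modulegroupprivilegeenable",
			"A" => "modulegroupprivilegeinsert",
			"E" => "modulegroupprivilegeupdate",
			"D" => "modulegroupprivilegedelete",
		);
		$insertFlagsByAction = array(
			"V" => "1,0,0,0",
			"A" => "0,1,0,0",
			"E" => "0,0,1,0",
			"D" => "0,0,0,1",
		);

		// Runs a statement and stops the request on failure. The driver
		// message goes to the server log only; echoing it to the browser
		// would disclose table and column names.
		$runQuery = function ($sql)
		{
			$result = mysql_query($sql);
			if ($result === false)
			{
				error_log("module privilege save failed: ".mysql_error());
				die("Database error");
			}
			return $result;
		};

		foreach ($_POST as $key => $val)
		{
			$flag = explode("-", (string) $key);

			// Need all five segments and a scalar value; anything else is
			// not a privilege field.
			if (count($flag) < 5 || !is_string($val))
			{
				continue;
			}

			list($usergroupid, $typeflag, $moduleid, $modulesubid, $action) = $flag;

			// is_numeric() accepts more than plain decimal integers, so the
			// numeric parts are checked digit by digit before the cast.
			if (!ctype_digit($usergroupid) || !ctype_digit($moduleid)
				|| !ctype_digit($modulesubid) || !ctype_digit($val))
			{
				continue;
			}

			// Unknown type or action codes are rejected instead of silently
			// reusing a value left over from an earlier field.
			if (!isset($typeByFlag[$typeflag]) || !isset($columnByAction[$action]))
			{
				continue;
			}

			$usergroupid   = (int) $usergroupid;
			$moduleid      = (int) $moduleid;
			$modulesubid   = (int) $modulesubid;
			$value         = (int) $val;
			$privilegeType = $typeByFlag[$typeflag];
			$column        = $columnByAction[$action];

			// Only groups with an id greater than the caller's own group
			// may be edited.
			if ($usergroupid <= $sessionGroupId)
			{
				continue;
			}

			// Row selector shared by the statements below. $modulesubid is
			// an integer at this point, so the former "sub id is 0" special
			// case produces the same SQL and is no longer needed.
			$where = "
				where stsrc = 'A' and usergroupid = ".$usergroupid."
					and modulegroupprivilegetype = '".$privilegeType."'
					and modulegroupprivilegemoduleid = ".$moduleid."
					and modulegroupprivilegemodulesubid = ".$modulesubid."
			";

			$exe_select = $runQuery("select * from ms_module_group_privilege ".$where);

			if (mysql_num_rows($exe_select) > 0)	// update
			{
				// Touch the row (and its userup/dateup audit columns) only
				// when the stored flag differs from the posted one.
				$exe_same = $runQuery(
					"select * from ms_module_group_privilege ".$where." and ".$column." = ".$value
				);

				if (mysql_num_rows($exe_same) < 1)
				{
					$runQuery("
						update ms_module_group_privilege
						set ".$column." = ".$value.", userup = ".$sessionUserId.", dateup = '".GET_DATE."'
						".$where
					);
				}
			}
			else	// insert
			{
				// A new row starts with every flag off except the posted
				// one, and that one only when its value is 1.
				$insertFlags = ($value === 1) ? $insertFlagsByAction[$action] : "0,0,0,0";

				$runQuery("
					insert into ms_module_group_privilege
					values ('', '".$privilegeType."', ".$usergroupid.", ".$moduleid.", ".$modulesubid.", ".$insertFlags.", ".$sessionUserId.", '', '".GET_DATE."', '', 'A')
				");
			}
		}

		addLogByUsername("Add/Edit data Module Privilege");
		setSessionMsg("Data succesfully saved");
		// NOTE(review): url_referer() is defined elsewhere. If it returns the
		// Referer header unchanged, restrict the redirect to this site.
		header("Location: ".url_referer());
	}
	else
	{
		addLogByUsername("Access Denied : Management Module Privilege");
		setSessionMsg("Access denied");
		header("Location: ".url_referer());
	}
?>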
<?php
	// Closing counterpart of begin.php; it also runs after the redirect
	// header above has been queued.
	include $dot.'mvz-config/system/end.php';
?>